US11296870B2 · Active · Utility

Key management configurations

Assignee: SAP SE
Priority: Oct 1, 2019
Filed: Oct 1, 2019
Granted: Apr 5, 2022
Est. expiry: Oct 1, 2039 (~13.2 yrs left) · nominal 20-yr term from priority
Inventors: Hohner Christoph; Zorn Sascha; Block Meinolf; Schindewolf Martin
Classifications: H04L 9/0894, H04L 9/0822, H04L 9/14, H04L 9/0897, H04L 9/0891
PatentIndex Score: 70 · Cited by: 5 · References: 13 · Claims: 20

Abstract

A method, a system, and a computer program product for performing key management configurations. One or more encryption keys for encrypting one or more data payloads for accessing one or more databases are received. The received encryption keys are compared to a plurality of encryption keys associated with the databases. Based on the comparison, a configuration of at least one database is changed using the received encryption keys. The changed configuration is stored.

Claims

exact text as granted — not AI-modified
What is claimed:

1. A computer-implemented method, comprising:
 receiving one or more encryption keys for encrypting one or more data payloads for accessing one or more databases, the one or more databases including a system database and one or more tenant databases, the one or more encryption keys forming one or more key management configurations being used by the system database to change configuration of the one or more tenant databases, the system database storing key management configurations for the one or more tenant databases, the receiving including testing the received one or more encryption keys to determine usability of the received one or more encryption keys; 
 comparing the tested one or more received encryption keys to a plurality of encryption keys associated with the one or more databases and included in the one or more stored key management configurations; 
 changing, based on the comparing, a configuration of at least one tenant database in the one or more databases using the received one or more encryption keys, the changing one or more properties associated with the changed configuration to generate one or more altered key management configurations and testing the one or more altered key management configuration to determine usability of the one or more altered key management configuration with the at least one tenant database; and 
 storing the tested changed configuration. 
 
     
     
2. The method according to claim 1, wherein the changing the configuration of the at least one database includes adding the one or more received encryption keys to the plurality of encryption keys.

3. The method according to claim 2, wherein the adding includes storing one or more key-value settings associated with the one or more received encryption keys.

4. The method according to claim 1, wherein the changing the configuration of the at least one database includes deleting the one or more received encryption keys from the plurality of encryption keys.

5. The method according to claim 1, wherein the changing the configuration of the at least one database includes updating one or more encryption keys in the plurality of encryption keys using the one or more received encryption keys.

6. The method according to claim 5, wherein the updating includes updating one or more stored key-value settings associated with the one or more updated encryption keys.

7. The method according to claim 1, wherein at least one of the one or more received encryption keys and the plurality of encryption keys are associated with at least one of: a hardware security management system, a key management service, and a combination thereof.
     
     
8. The method according to claim 1, further comprising
 monitoring usage of the one or more received encryption keys for encrypting one or more data payloads for accessing one or more databases; and 
 executing the changing based on the monitoring. 
 
     
     
9. A system comprising:
 at least one programmable processor; and 
 a non-transitory machine-readable medium storing instructions that, when executed by the at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
 receiving one or more encryption keys for encrypting one or more data payloads for accessing one or more databases, the one or more databases including a system database and one or more tenant databases, the one or more encryption keys forming one or more key management configurations being used by the system database to change configuration of the one or more tenant databases, the system database storing key management configurations for the one or more tenant databases, the receiving including testing the received one or more encryption keys to determine usability of the received one or more encryption keys; 
 comparing the tested one or more received encryption keys to a plurality of encryption keys associated with the one or more databases and included in the one or more stored key management configurations; 
 changing, based on the comparing, a configuration of at least one tenant database in the one or more databases using the received one or more encryption keys, the changing one or more properties associated with the changed configuration to generate one or more altered key management configurations and testing the one or more altered key management configuration to determine usability of the one or more altered key management configuration with the at least one tenant database; and 
 storing the tested changed configuration. 
 
 
     
     
10. The system according to claim 9, wherein the changing the configuration of the at least one database includes adding the one or more received encryption keys to the plurality of encryption keys.

11. The system according to claim 10, wherein the adding includes storing one or more key-value settings associated with the one or more received encryption keys.

12. The system according to claim 9, wherein the changing the configuration of the at least one database includes deleting the one or more received encryption keys from the plurality of encryption keys.

13. The system according to claim 9, wherein the changing the configuration of the at least one database includes updating one or more encryption keys in the plurality of encryption keys using the one or more received encryption keys.

14. The system according to claim 13, wherein the updating includes updating one or more stored key-value settings associated with the one or more updated encryption keys.

15. The system according to claim 9, wherein at least one of the one or more received encryption keys and the plurality of encryption keys are associated with at least one of: a hardware security management system, a key management service, and a combination thereof.
     
     
16. The system according to claim 9, wherein the operations further comprise
 monitoring usage of the one or more received encryption keys for encrypting one or more data payloads for accessing one or more databases; and 
 executing the changing based on the monitoring. 
 
     
     
17. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
 receiving one or more encryption keys for encrypting one or more data payloads for accessing one or more databases, the one or more databases including a system database and one or more tenant databases, the one or more encryption keys forming one or more key management configurations being used by the system database to change configuration of the one or more tenant databases, the system database storing key management configurations for the one or more tenant databases, the receiving including testing the received one or more encryption keys to determine usability of the received one or more encryption keys; 
 comparing the tested one or more received encryption keys to a plurality of encryption keys associated with the one or more databases and included in the one or more stored key management configurations; 
 changing, based on the comparing, a configuration of at least one tenant database in the one or more databases using the received one or more encryption keys, the changing one or more properties associated with the changed configuration to generate one or more altered key management configurations and testing the one or more altered key management configuration to determine usability of the one or more altered key management configuration with the at least one tenant database; and 
 storing the tested changed configuration. 
 
     
     
18. The computer program product according to claim 17, wherein the changing the configuration of the at least one database includes adding the one or more received encryption keys to the plurality of encryption keys, wherein the adding includes storing one or more key-value settings associated with the one or more received encryption keys.

19. The computer program product according to claim 17, wherein the changing the configuration of the at least one database includes deleting the one or more received encryption keys from the plurality of encryption keys.

20. The computer program product according to claim 17, wherein the changing the configuration of the at least one database includes updating one or more encryption keys in the plurality of encryption keys using the one or more received encryption keys, wherein the updating includes updating one or more stored key-value settings associated with the one or more updated encryption keys.
